Security Articles

91 min read

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Palo Alto Networks Unit 42 disclosed a security vulnerability in Google Cloud's Vertex AI platform where AI agents could be weaponized to access sensitive data.

Cloudflare

11 min read

Introducing Programmable Flow Protection: custom DDoS mitigation logic for Magic Transit customers

Cloudflare introduces Programmable Flow Protection, a beta feature for Magic Transit Enterprise customers that lets them deploy custom eBPF-based DDoS mitigation logic across Cloudflare's global network.

Axios package compromise and remediation steps

The axios npm package was compromised in an active supply chain attack discovered on March 31, 2026, and Vercel has documented remediation steps.

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

This article covers the Silver Fox (SwimSnake) threat group's expanded Asia cyber campaign using a newly discovered AtlasCross RAT delivered via typosquatted domains.

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

This article argues that AI-driven threats have fundamentally changed cybersecurity, making unified exposure management a strategic necessity.

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios HTTP client versions 1.14.1 and 0.30.4 were poisoned via a compromised npm maintainer account, deploying a cross-platform RAT.

11 min read

Security•2026-03-30

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

This article covers two critical security vulnerabilities discovered in OpenAI's ChatGPT and Codex that have since been patched.

Google Cloud

112 min read

Security•2026-03-30

Cloud CISO Perspectives: RSAC '26: AI, security, and the workforce of the future

Nick Godfrey recaps RSA Conference 2026 discussions on AI's dual role in cybersecurity offense and defense, and Google Cloud's security strategy.

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

This article covers DeepLoad, a newly discovered malware loader that uses ClickFix social engineering, AI-assisted obfuscation, and WMI persistence to steal browser credentials.